Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3e534e98 by Chris Lamb at 2026-01-28T13:23:47-08:00
Reserve DLA-4458-1 for python-django
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -168225,7 +168225,6 @@ CVE-2024-6232 (There is a MEDIUM severity
vulnerability affecting CPython.
CVE-2024-45231 (An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16.
The dja ...)
- python-django 3:4.2.16-1
[bookworm] - python-django <no-dsa> (Minor issue)
- [bullseye] - python-django <postponed> (Minor issue; can be fixed in
next update)
NOTE:
https://www.djangoproject.com/weblog/2024/sep/03/security-releases/
NOTE:
https://github.com/django/django/commit/bf4888d317ba4506d091eeac6e8b4f1fcc731199
(4.2.16)
CVE-2024-45230 (An issue was discovered in Django 5.1 before 5.1.1, 5.0 before
5.0.9, ...)
@@ -174876,13 +174875,11 @@ CVE-2024-7518 (Select options could obscure the
fullscreen notification dialog.
CVE-2024-42005 (An issue was discovered in Django 5.0 before 5.0.8 and 4.2
before 4.2. ...)
- python-django 3:4.2.15-1 (bug #1078074)
[bookworm] - python-django <no-dsa> (Minor issue)
- [bullseye] - python-django <postponed> (Minor issue)
NOTE:
https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
NOTE:
https://github.com/django/django/commit/f4af67b9b41e0f4c117a8741da3abbd1c869ab28/
(4.2.15)
CVE-2024-41991 (An issue was discovered in Django 5.0 before 5.0.8 and 4.2
before 4.2. ...)
- python-django 3:4.2.15-1 (bug #1078074)
[bookworm] - python-django <no-dsa> (Minor issue)
- [bullseye] - python-django <postponed> (Minor issue)
NOTE:
https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
NOTE:
https://github.com/django/django/commit/efea1ef7e2190e3f77ca0651b5458297bc0f6a9f/
(4.2.15)
CVE-2024-41990 (An issue was discovered in Django 5.0 before 5.0.8 and 4.2
before 4.2. ...)
@@ -174895,7 +174892,6 @@ CVE-2024-41990 (An issue was discovered in Django 5.0
before 5.0.8 and 4.2 befor
CVE-2024-41989 (An issue was discovered in Django 5.0 before 5.0.8 and 4.2
before 4.2. ...)
- python-django 3:4.2.15-1 (bug #1078074)
[bookworm] - python-django <no-dsa> (Minor issue)
- [bullseye] - python-django <postponed> (Minor issue)
NOTE:
https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
NOTE:
https://github.com/django/django/commit/fc76660f589ac07e45e9cd34ccb8087aeb11904b/
(4.2.15)
CVE-2024-42062 (CloudStack account-users by default use username and password
based au ...)
@@ -181498,20 +181494,17 @@ CVE-2024-39880 (Delta Electronics CNCSoft-G2 lacks
proper validation of the leng
CVE-2024-39614 (An issue was discovered in Django 5.0 before 5.0.7 and 4.2
before 4.2. ...)
- python-django 3:4.2.14-1 (bug #1076069)
[bookworm] - python-django <no-dsa> (Minor issue)
- [bullseye] - python-django <postponed> (Minor issue)
NOTE:
https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
NOTE:
https://github.com/django/django/commit/17358fb35fb7217423d4c4877ccb6d1a3a40b1c3
(4.2.14)
NOTE: Relates to CVE-2023-23969 fix
CVE-2024-39330 (An issue was discovered in Django 5.0 before 5.0.7 and 4.2
before 4.2. ...)
- python-django 3:4.2.14-1 (bug #1076069)
[bookworm] - python-django <no-dsa> (Minor issue)
- [bullseye] - python-django <postponed> (Minor issue)
NOTE:
https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
NOTE:
https://github.com/django/django/commit/2b00edc0151a660d1eb86da4059904a0fc4e095e
(4.2.14)
CVE-2024-39329 (An issue was discovered in Django 5.0 before 5.0.7 and 4.2
before 4.2. ...)
- python-django 3:4.2.14-1 (bug #1076069)
[bookworm] - python-django <no-dsa> (Minor issue)
- [bullseye] - python-django <postponed> (Minor issue)
NOTE:
https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
NOTE:
https://github.com/django/django/commit/156d3186c96e3ec2ca73b8b25dc2ef366e38df14
(4.2.14)
CVE-2024-39181 (Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v3.2 was
discovered ...)
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[28 Jan 2026] DLA-4458-1 python-django - security update
+ {CVE-2024-39329 CVE-2024-39330 CVE-2024-39614 CVE-2024-41989
CVE-2024-41991 CVE-2024-42005 CVE-2024-45231}
+ [bullseye] - python-django 2:2.2.28-1~deb11u11
[26 Jan 2026] DLA-4457-1 openjdk-11 - security update
{CVE-2026-21925 CVE-2026-21932 CVE-2026-21933 CVE-2026-21945}
[bullseye] - openjdk-11 11.0.30+7-1~deb11u1
=====================================
data/dla-needed.txt
=====================================
@@ -353,6 +353,8 @@ python-django (Chris Lamb)
NOTE: 20260126: trixie SPU filed as #1126461. (lamby)
NOTE: 20260126: bullseye regression identified as CVE-2025-6069 in python3.9
3.9.2-1+deb11u4 (lamby)
NOTE: 20260128: trixie uploaded. (lamby)
+ NOTE: 20260128: DLA-4458-1 released, fixing CVE-2024-39329 CVE-2024-39330
CVE-2024-39614 CVE-2024-41989 CVE-2024-41991 CVE-2024-42005 CVE-2024-45231.
(lamby)
+ NOTE: 20260128: keeping note here for bookworm SPU. (lamby)
--
python-tornado (dleidert)
NOTE: 20251214: Added by Front-Desk (dleidert)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3e534e98af92bc339dfed8a14d9e5b1e048f9045
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3e534e98af92bc339dfed8a14d9e5b1e048f9045
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
